
glittermage writes "The WSJ reports on an ongoing case about alleged 'Hacker' Daniel David Rigmaiden, regarding the government's tools used to track mobile devices with or without a warrant. The judge may allow Daniel to defend himself against the government's claims by putting the technology into the light. Sounds good to me."

From a technical point of view what can be done is to trace cell-towers and cells that his phone has accessed and do a rough estimation of his location.

However if you are indoors in rural areas you can get rather weird results in location-handling since your phone isn't omni-directional but only sees towers in certain directions, which can make it appear that you are 10 miles off from where you actually are.

And it's fairly easy to detect this on some devices - it's just a question of sending some "AT" comma

A stingray works by mimicking a cellphone tower, getting a phone to connect to it and measuring signals from the phone. It lets the stingray operator "ping," or send a signal to, a phone and locate it as long as it is powered on, according to documents reviewed by the Journal. The device has various uses, including helping police locate suspects and aiding search-and-rescue teams in finding people lost in remote areas or buried in rubble after an accident.

Interesting timing. The Supreme Court is hearing oral arguments on the question of GPS tracking without a warrant [supremecourt.gov] on November 8th. I suspect the ruling could be applied to this kind of technology. Granted, one is "passive" tracking (the person owns the tracked device) and the other "active" (the government attaches the device to the person), but I see similarities in how the use of tracking technology in general impacts society's expectation of privacy.

Is there a reasonable expectation of privacy as it relates to what towers your phone connects to (and if it will connect to a spoofed tower?).

I.e. Postcard vs. Letter.

Is connecting to the cell tower analogous to sending a postcard? The voice call equivalent to a letter in an envelope?
-nB

The difference is that someone would have to happen upon a Postcard (unless they were specifically looking through the person's mail), which happens to have their name and address. Doing the same on a cell tower with lots of data requires a bit of cross checking to come up with the individual in question. Determining where they are based on multiple cell towers is even more involved.

It's not like a postcard. This is actually more like entrapment. They didn't simply monitor his cell device, they actively asked it to betray him.

On its face it sounds similar to the police sending you a letter saying "Congratulations, Mr. networkBoy! You have won a cash prize of at least $10 from the 'Get What's Coming To You!' lottery! Show up at 123 Main St at noon on Friday the 13th to claim your prize, and be prepared to show a photo ID", paying you $10 for arriving and presenting your ID, bringing y

Do you have an expectation of privacy when broadcasting signals? No. Of course not. And that's why, despite the USA's stupid laws, we encrypt our radio communications.

But it should be reasonable to expect the company selling you an encrypted phone not to sell you out without a warrant.

Without the phone company identifying your phone for the snoopers you wouldn't stand out from the other anonymous devices. And because they refuse to use DOS-resistant protocols (ie, the phone only answering location queries from

The 4th amendment went out the window when they allowed the police to pull us over for no other reason but to see if we were drinking. The laws allowed to do that with no real reason, why not GPS tracking?

...or suddenly drop the charges without explanation. You know, the same tact the MAFIAA take in civil cases - go for it big-time, until it looks like you are not going to get the result you want, then give up, act like nothing happened, and move on to the next poor sap.

According to a Harris document, its devices are sold only to law-enforcement and government agencies.

Harris isn't the only one building these (other brands look a lot less like 1960's era gear) and we don't have assurances from these other manufacturers that they aren't being sold to private individuals or investigative firms.

A spokeswoman with the Bureau of Criminal Apprehension in Minnesota says officers don't need to seek search warrants in that state to use a mobile tracking device because it "does not intercept communication, so no wiretap laws would apply."

The big question is: if the device works as advertised by faking a basestation, pinging the phone and measuring the returned signal level, but does not intercept voice or data traffic, is that a wiretap?

That depends. If they use it to track a citizen, then naturally, it is not. If a citizen uses it to track law enforcement personnel, then naturally it is a wiretap and probably a dirty bomb while we're at it.

According to a Harris document, its devices are sold only to law-enforcement and government agencies.

Harris isn't the only one building these (other brands look a lot less like 1960's era gear) and we don't have assurances from these other manufacturers that they aren't being sold to private individuals or investigative firms.

We also don't have assurances that this can't be built by enterprising criminals. In another few years, home-brewed equivalent devices will likely be easy to make, thus empowering criminals, overprotective parents, and wannabe stalkers. If a warrant is not required, doesn't this mean that this technology is fair game for anybody to use?

Better to have the technology exposed and patch the security hole, then consider a warrant-requiring backdoor for law enforcement (i.e. use the existing providers' antennae rather than shelling out the money for taxpayer-funded stalkers in vans).

Oh yeah, looks like any other 100% legit testimonial style website, with a web clip at the top that doesn't mention their product at all. I like how when you go to the order screen and check the phone model, it simply takes what you type there and says it's compatible.
For example:
Easy-Cell-Phone-Spy
Is Compatible with
Macron Overlord

Wiretaps carried out by MI5 and MI6 are blocked from being used in court cases. The legal rationale is that if the wiretaps were used, then they would have to disclose the intercept technology and methods. Obviously they don't want that. Craig Murray, as ambassador to Uzbekistan, had knowledge of the intercept methods in use and he revealed them in his book 'Murder in Samarkand':

"You can be bugged very easily. A sound bug can be no bigger than a pin, but it is not necessary to plant one. Directional microphones are very effective, and can be used from several hundred metres away if necessary, but it is much easier to use the telephone. Either a home landline or a mobile can be remotely activated to serve as a microphone, bugging the room even though the handset is down, or the mobile switched off. The resulting sound can be cleaned up to surprising quality."

The FBI apparently uses similar technology that they call a "roving bug" [cnet.com]. Apparently this is the big secret that they don't

I had thought the same, but with modern digital phones and firmware, who knows? If the design of the phone allows the firmware to control the circuit, rather than having it mechanically linked to the handset being picked up, then it must be possible. Certainly, for systems that combine phone function with answerphone, it must be possible for the firmware to order the phone "off-hook".

They can on some phones. Not sure about all, or newer ones. In the former USSR this was commonplace. I have some Bell rotary phones (setup a basic three phone partyline as an intercom with them) that relied on this ability to work properly. (Kids love the partyline BTW).
-nB

In the former USSR it was believed to be commonplace, however it was technically impossible. The 30V loudspeakers connected to the local radio, on the other hand, were perfectly usable as microphones, and I would guess, some lucky KGB agents found such speakers in a mode suitable for listening. But everyone over the age of 15 knew that it's possible -- those speakers were commonly used as microphone replacement in home recording.

How can they use the device if the battery is taken out then? Never turn your phone off and leave the battery in, if you want it to be truly off. Of course, you'd need a device that has a user replaceable battery, not an iPhone or alike.

Sounds like we need to go back and use the old model 500 phones [wikipedia.org]. No software there to hack and the things last forever, my grandmother had a model 544 phone (the wall mount version of the model 500) that she replaced a couple of years ago so she could have a cordless and not have to sit or stand near the phone.

Hrmm. There are several parts of the FBI's story here that aren't internally consistent.

It's pretty well known by now thanks to Hollywood and TV shows that police can track mobile phones by triangulating signal strengths at different cell towers. Heck, phones do it themselves these days. The fixes can be fairly accurate in urban areas. There's no need for the phone to be making a call in order to be traced this way, because as the article points out, towers can talk to the phone any time they want.

Presumably, phone companies require a warrant of some kind before performing this type of trace. This leads me to wonder if fake base stations like the Stingray devices have any use at all beyond avoiding phone companies' legal processes. I could buy the explanation that a fake base station lets you get slightly more accurate fixes on the phone's location, except that apparently even with these devices the best they were able to get was to a particular apartment block and they had to do old fashioned detective work to get closer. "Nearest block" is about as good as modern smartphones can do by themselves.

There are a few other puzzlers in there. The government claim they can't reveal the devices' capabilities without compromising future investigations, and then go on to state quite clearly that the devices can't intercept calls or data and that's why they don't feel they need a proper search warrant. This makes sense. Some kind of roving fake base station in an FBI van wouldn't be able to route calls successfully. And the GPRS/3G protocols don't terminate data encryption at the base station, but rather further back in the core network. But that implies the person being traced would be able to notice - if the data connection stops working, or calls fail to place, it could be a sign you're being traced. Time to switch the phone off. That could even be automated by a smartphone app. Is that trivial workaround what they're afraid of?

Another puzzler. The 3G/UMTS protocols have the handset authenticate the network exactly to protect against fake base station attacks. How does the StingRay device handle this? Presumably, the major networks have all been required to hand over their root keys/certs so the FBI can emulate them. It makes you wonder how secure these keys can really be, if there are cops running around with the keys inside a box. If one of these devices got lost or was somehow sold to the wrong people, how hard would a key rotation be? Presumably you'd have to replace the SIMs? Again, this seems like a lot of problems that could easily be avoided by tracing the target device with the direct co-operation of the phone companies.

I'd like to think there's a purely technical reason for the use of these things, but given the FBI's prevarication over exactly what kind of warrants they are getting, I'd be worried it's more a legal dodge.

Another puzzler. The 3G/UMTS protocols have the handset authenticate the network exactly to protect against fake base station attacks. How does the StingRay device handle this? Presumably, the major networks have all been required to hand over their root keys/certs so the FBI can emulate them.

Not necessary. It goes something like this:

StingRay sends out "I am a cell tower" message

Cellphone responds asking "Really? I am xxxx, who are you?"

StingRay uses diversity antennae to triangulate position as it receives, then sends out "Oh, nobody important"

The 3G/UMTS protocols have the handset authenticate the network exactly to protect against fake base station attacks.

For GSM, this is not the case -- handsets do not authenticate the towers they're connecting to. It's trivial to become the loudest tower and get the phone to switch over to you... but there are technical hurdles around connecting back to the wireless carriers and getting calls / SMS to work correctly in both directions.
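The authentication difference argued over in the last few comments, as an added sketch that is not part of any comment in the thread: in GSM only the handset is challenged, while in UMTS the challenge carries a MAC and sequence number that the SIM checks before it answers. Assumptions: HMAC-SHA256 stands in for the real operator algorithms (COMP128/Milenage), the sequence number is sent in the clear, and the names `Network`, `Sim` and `attach` are hypothetical.

```python
import hashlib
import hmac
import os

def f(key: bytes, label: bytes, *parts: bytes) -> bytes:
    """Stand-in keyed function (assumption: HMAC-SHA256, not COMP128/Milenage)."""
    return hmac.new(key, label + b"".join(parts), hashlib.sha256).digest()[:8]

class Network:
    """Base-station side; k is the subscriber key, or None if the tower lacks it."""
    def __init__(self, k):
        self.k = k
        self.sqn = 1

    def gsm_challenge(self):
        return os.urandom(16)  # GSM: a bare RAND, nothing proves who sent it

    def umts_challenge(self):
        rand = os.urandom(16)
        sqn = self.sqn.to_bytes(6, "big")
        self.sqn += 1
        key = self.k if self.k is not None else os.urandom(16)  # no K: can only guess
        return rand, sqn, f(key, b"mac", rand, sqn)  # simplified AUTN: SQN + MAC

class Sim:
    def __init__(self, k):
        self.k = k
        self.last_sqn = 0

    def gsm_respond(self, rand):
        return f(self.k, b"res", rand)  # one-way: answers any challenge

    def umts_respond(self, rand, sqn, mac):
        if not hmac.compare_digest(mac, f(self.k, b"mac", rand, sqn)):
            return None  # network failed to prove knowledge of K
        if int.from_bytes(sqn, "big") <= self.last_sqn:
            return None  # stale sequence number: replayed challenge
        self.last_sqn = int.from_bytes(sqn, "big")
        return f(self.k, b"res", rand)

def attach(sim, net, generation):
    """True if the handset goes ahead and answers this base station."""
    if generation == "gsm":
        return sim.gsm_respond(net.gsm_challenge()) is not None
    return sim.umts_respond(*net.umts_challenge()) is not None
```
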

Presumably, phone companies require a warrant of some kind before performing this type of trace

That's a pretty big assumption there. The government will do everything it has the capability to do unless it is explicitly prohibited from doing it. That's partially because when you really get down to it on a personal level, some guy just wants to do his job, and isn't really thinking of the overall implications.

However, the majority of the blame lies on people who erroneously believe and accept as justificati

1. Acts as RF man in the middle between the phone and tower. Since it can't get identifying information, someone has to make a very short phone call that will be dropped immediately after they noticed that connection is established (and that is a BIG SECRET they are trying to protect).

2. Forces fallback into an unencrypted or weakly encrypted mode (and then BIG SECRET is that the device is actually perfectly capable of intercepting conversati

They aren't trying to catch a pedo here, but somebody w/ the knowledge to break into computer systems. Of course he will challenge the law in every single manner he can think of to win his freedom. You can call it an attempt to get off the hook, except what the FBI is doing is in violation of the 4th by not obtaining legal permission to use their technology and furthermore it's unethical, these people are paid to protect us, not spy on us, if I need protection that only the FBI

I'm sorry but didn't you get the memo? The government has been just as nasty as any other bad guy for a number of years now, and hadn't paid attention to that little piece of paper called the constitution since Hoover and COINTELPRO [wikipedia.org]. I mean when they went so far as to drug and execute an American on American soil [wikipedia.org] because he advocated views the government didn't like? I'd say all bets are off after that comrade.

And I'd be worried about that whole "catch a pedo" remark too, as that is how they ramrod new nasty laws into effect, by saying it's to "save the children/protect us from terrorists". For example just look at the guy now in jail for writing the "pro pedo" book, no children touched, no pictures, just his thoughts on a page. Seems I remember someone writing about a time when people will be arrested for thoughts somewhere, or for one the feds pull how about how they set up "pedo honeypots" but then didn't bother capturing the fricking referrer so that if some troll rickrolled you with a link to that site you could be in jail right now! Hell if I remember correctly the judge even ruled that it didn't matter that there was no actual CP anywhere on their honeypot because simply accessing the site was proof of intent!

So I'm sorry friend, but the government has been evil and/or batshit insane for quite awhile now. Presidents and politicians come and go, but the three letter guys? They are always there, with too damned little oversight (if there is any at all) and too damned much power. I wish I was a tinfoil hatter, but anyone who has watched the moves this country has been doing for the past couple of decades and which accelerated like mad after 9/11 knows they are drunk on power and rules don't seem to matter much anymore.

Charlie Savage reports for the New York Times on intelligence gathering. He has an article today [nytimes.com] that dovetails nicely into this Wall Street Journal article. Savage reports that two senators are concerned that the government is using secret means to surveil US citizens based on a ruling from the FISA court -- rulings that are secret. This is tantamount to having a secret law; something that is anathema to the Constitution.